Microsoft’s Office 2007 Hit By Additional Bugs
Even as Microsoft Corp. released a patch on April 10, 2007, to fix a bug that had been plaguing Word 2000 and 2002 for the last two months, a security investigator discovered three additional flaws in the firm's Office suite.
Offensive Security's Mati Aharoni used a couple of security listings to warn of the three latest unpatched bugs in Word 2007; the blog of McAfee Inc. picked them up from the April 10, 2007 notices on Milw0rm and SecurityVulns.com. Aharoni also supplied malformed Word documents as proof of the three bugs.
According to Computerworld's report on April 11, 2007, Aharoni said he detected the bugs with a "fuzzer," a tool that tests software for vulnerabilities by feeding it random input. Of the three flaws, two could cause a denial-of-service-like condition, with the processor (CPU) reaching 100% usage, rendering the machine unusable until it is rebooted.
According to Aharoni, the third bug could be exploited to insert a remote attack command, resulting in leakage of "wwlib.dll," a vital Word file. However, "code implementation is not insignificant," he added.
Besides disputing reports of three recent bugs in its Office software, Microsoft Corp. is also looking at how these so-called bugs were discovered, the company said on April 11, 2007.
In its statement, Microsoft claimed that none of the bugs purported to affect Word 2007 "reveal any flaw in any of the Office 2007 or Word 2007 products."
Microsoft, however, generally distinguishes flaws that allow code execution or elevation of privilege from bugs that cause denial of service, that is, flaws that end up crashing the affected software or the PC. The company also isn't denying the possibility of the flaws exposed by Aharoni.
Security investigators have maintained that while Microsoft patches up problems inside its operating systems, cyber-terrorists are aggressively looking for bugs in its Office software.
On April 10, 2007, Microsoft issued five patches for eight host- and user-side flaws that could allow hackers to execute arbitrary code.
The most critical fix released was MS07-021, which repairs a privilege escalation bug in the Microsoft Client/Server Runtime Subsystem (CSRSS) and affects all OS editions, including Vista.
» SPAMfighter News - 19-04-2007